how to configure wildfire to block a malicious file?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

how to configure wildfire to block a malicious file?

L1 Bithead

i used PA3020 and software version 6.0.0, wildfire version is 26818-33137

i configured wildfire action to block in antivirus profile and apply to security policy already.

Capture1.PNG.png

but, when i test to download a malicious files. the action is alert and i can download this file. why?

Capture.PNG.png

i don't know, what is wrong in my configure and i want to know, how to configure wildfire to block a malicious file.

18 REPLIES 18

This issue was handled by our internal managed support team, escalated to me for assistance and then escalated to PAN with a case opened. I provided them JayD 's Case ID for that very tracking capability. I'm trying to retrieve our PAN Case ID now so it can be listed here.

L2 Linker

Hello,

     does anybody fixed that?

I am experiencing the same issue..

regards.

Walter Doria

L3 Networker

I have the same issue.  Any update?

L3 Networker

Hi,

The WF signature database on the devices don't have all signatures. So if your file is malicious that indicates a file was inspected by WF and with hash check your firewalls knows this verdict.

But to block the file it needs to have a signature in the WF database on your device. If the algorithm to select signatures being in the WF database not selected the signature for your file, your device will not be able to block it.

If the file is triggered the WF algorithm will select the file again to be in the WF database that is pushed towards the devices in one of the next updates. Then you will see it gets blocked.

That is how it works in fact, of course a bug is also possible Smiley Happy

Regards,

Kevin

  • 9162 Views
  • 18 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!